Did a fresh install of Apache Nifi using unofficial Docker for Nifi (https://hub.docker.com/r/apache/nifi/). No users.xml and authorizations.xml found in conf directory. FYI, the conf directory has configuration files like nifi.properties, authorizers.xml, login-identity-providers.xml etc.
The Nifi menu does not show all menu options for anonymous login, like Users menu etc.
How do I enable (i.e make viewable) all the menu options in Nifi UI?
When you install Apache NiFi (building from source or downloading the binaries), the users.xml and authorizations.xml files will not exist at first. When the application is started for the first time, the authorizers.xml file is read and processed, and these files are generated from the configured UserGroupProvider and AccessPolicyProvider.
If you do not choose to secure NiFi using HTTPS, all access is anonymous, and no user accounts are created.
If you choose to secure it, you will have the capability to configure and manage users, groups, and permissions within the NiFi UI.
It is unclear from your question which menu options you expect to see in the global menu when accessing the application as an anonymous user. Please clarify the question or refer to NiFi Admin Guide -- Multi-Tenant Authorization for further details.
Related
I have a puppet module that is deploying a standalone nifi instance. It's all working and it will deploy the application with an initial admin user etc via authorizers.conf.
But in order to configure additional users and groups there is a long process of creating policies and adding users and groups via the gui. I want to automate some of this in my puppet module.
It would be good to be able to automatically create an admin group which is already assigned to a load of policies.
It doesn't seem like this is possible though as the best-practice is to only edit authorizers.xml and allow that to create the resulting authorisations.xml and users.xml, and there is no setting within authorizers.xml to create initial groups or initial policies.
My only idea at the moment is to use something like the nipyapi python module to create users and groups via the api during the initial install.
Or perhaps ignoring the authorisers.xml and just deploy a pre-configured authorizations.xml and users.xml.
Am I missing any other simple or better options?
I installed and configured a fresh version of Apache Nifi 1.14.0 and configured security against my LDAP server. Everything looks fine.
Now I copied my flow.xml.gz file from a different directory (also running 1.14) into the new directory. When I login, I can see the outline of all the process groups and processors, but all the names are missing, and I see that all my users are unauthorized to view anything or make any changes.
Even my admin cannot do anything.
What am I missing here?
I found the solution to my problem. After migrating flow.xml.gz, I needed to add a policy to my root component.
This could be accomplished by right-clicking in the Nifi canvas and select 'Manage Access Policies'. Then add one or more users to View the component.
Apparently the admin can login and then grant himself access to view the main Nifi component (process group).
We are trying to set up a SonarQube server (v. 6.5) to run in Kubernetes. Because of this, we need everything to be configured "as code" not through the web interface.
We have successfully set up single sign-on (SSO) against LDAP server, and that works as such. But since users can then not log out in order to log in as a static admin, we need some way to configure a group that has admin privileges.
It is my understanding that this should be done via group mapping, but all documentation and examples I can find only suggest setting up the groups through the UI.
Is there some way to configure groups via sonar.properties (or other properties file) that are then automatically mapped against groups from LDAP, and configure a group to get admin rights?
I am pretty new to SonarQube (and no ldap expert either), so I hope the question makes sense.
There is no way to configure groups through properties. There are web services (which are used by the UI itself) with which you could script this.
Alternately, see if you can turn on group synching with your SSO. Then you just have to grant admin rights (via the UI? via web services?) to the appropriate group in SonarQube.
I'm doing an install of Apache NiFi 1.3.0... It has a new way to install users, it appears to be only via the GUI.
I'm curious if there's a way to boostrap a list of users by DN with policies set to them. I know there's the legacy users file...
I'm looking at the users.xml file. It requires an identifier which maps to policies found in the authorizations.xml file.
Old NiFi would have had me do it here: https://community.hortonworks.com/articles/886/securing-nifi-step-by-step.html
Here are several resources which explain how to setup a new secure instance:
https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#authorizers-setup
https://pierrevillard.com/2016/11/29/apache-nifi-1-1-0-secured-cluster-setup/
https://bryanbende.com/development/2016/08/17/apache-nifi-1-0-0-authorization-and-multi-tenancy
I'm trying to config a SonarQube server using puppet.
My puppet manifests install software, deploy my custom sonar.properties, deploy ssl certificates, download and configure few plugins and, at last, start service.
Default Global Permissions allows Execute Analysis and Execute Preview Analysis to Anyone.
Default Project Permissions allows Browse and See Source Code to Anyone.
I want change this from my puppet code without using the web interface. Not only before first deploy. In each repuppet I could want change this permissions.
The goal is config and reconfig SonarQube in automatic way.
Thanks and sorry for my english.
To update permissions, you can do it through web service calls: http://docs.codehaus.org/pages/viewpage.action?pageId=231735777